Programmable devices, such as programmable logic devices (PLDs) and field-programmable gate arrays (FPGAs), are integrated circuits that may be programmed by a user (e.g., a circuit designer) to perform specified functions. Programmable devices are becoming ever more popular, largely because they are less expensive in relatively small quantities and require less time to implement than semi-custom and custom integrated circuits.
Typical FPGAs are general-purpose programmable devices that are customizable by an end user to realize a desired user-specific circuit. The basic device architecture of an example type of FPGA involves an array of configurable logic blocks embedded in a configurable interconnect structure including I/O blocks configurable as, for example, an output buffer, an input buffer or a bidirectional buffer. An I/O block is configurable to register incoming data, to register outgoing data, and/or to provide a tri-state output. A configurable logic block is configurable to perform one of many logic functions. For example, a configurable logic block may be configured to realize combinational logic elements, sequential logic elements, lookup tables, and/or control multiplexers.
To realize a desired user-specific circuit, the end user configures the configurable interconnect structure to connect the circuitry of multiple configured configurable logic blocks and multiple configured I/O blocks together so that the resulting circuit is the desired user-specific circuit. The configuration of the logic and interconnects for this type of FPGA is typically accomplished by downloading a bitstream from an external memory to the FPGA. Configuration logic implemented with the FPGA transmits the bitstream from an input to configuration memory on the FPGA.
Downloading configuration information is useful for a variety of purposes, making the implementation of the FPGA highly flexible. However, since the configuration bitstream is transmitted from an external source, a potential pirate may intercept the bitstream and make unauthorized copies of the configuration. For this reason, many FPGAs include bitstream encryption. Bitstream encryption relies on an encryption key that is used to encrypt the bitstream. A corresponding decryption key (typically the same as the encryption key) is stored on the FPGA and used by the FPGA configuration logic to decrypt the bitstream before loading it into configuration memory. With this approach, a potential pirate can still steal the encrypted bitstream, but the bitstream is useless without the key. In this regard, only an FPGA that has the proper key can use the bitstream.
Unfortunately, decryption circuitry may be large, taking up valuable chip area. Also, decryption circuitry is used only during chip configuration, typically lasting only milliseconds when the FPGA power is turned on. Devoting such a large chip area to a configuration process that is so short is generally undesirable.
One approach to addressing the above-discussed issues regarding the amount of chip area used by decryption circuitry involves the use of microcontroller-implemented configuration logic. Relative to on-chip decryption circuitry, microcontroller-implemented configuration logic takes up a relatively small amount of space. Implementation of such a microcontroller might typically involve downloading boot code for the microcontroller before a configuration bitstream is sent. Downloading the boot code alleviates the need for a non-volatile memory for storing the microcontroller code and permits a user of an FPGA to download a custom downloadable decryptor, since only the key is required to be kept secret.
Implementing downloadable decryption technology with microcontroller-implemented configuration logic as discussed above would, however, involve the microcontroller reading encryption-related data, such as an encryption key. If the microcontroller is allowed to read encryption-related data, a pirate or other adverse party could access that data by programming the microcontroller to read it and write it to output pins. Once discovered, the encryption-related data can be used to gain unauthorized access to encrypted data.
The present invention may address one or more of the above issues.